Site to Site vpn tunnel trouble

I need to give a customer access to a few of our clustered servers that are on my internal network. We already have a vpn tunnel set up with them, however they are already using the additional subnets we need them to have access to so we need to nat them to external ip addresses. The servers we need them to have access to are 2 nodes in a microsoft windows cluster. So I need to give them access to:
node 1: 192.168.40.21
node 2: 192.168.40.22
Cluster/sql ip: 192.168.40.24

In short, i would like to give them access to those 3 ip addresses but NAT those ip addresses to an external ip address statically.

192.168.40.21=66.x.x.1
192.168.40.22=66.x.x.2
192.168.40.24=66.x.x.3

Below is some lines of config taken from my pix. I am trying to get the 40.24 up first and then add the rest later. The customer says the ike is up but the ipsec session wont establish. Help!

Hello joebass47,
It doesnt have to be a public IP like 66.a.b.1 necessarily. Here is my recommendation
no global (outside) 2 66.a.b.1-66.a.b.4 netmask 255.255.255.0
no nat (inside) 2 access-list conditional_nat

Make sure of 2 things
1) You do not have nat 0 (Exempt NAT) statements that can cover source and destinations specified in conditional nat such as
access-list inside_nat0_outbound permit ip 192.168.40.0 255.255.255.0 any
2) Remote site has the exact mirror of your interesting traffic ACL, like following

If that two existing statements do not cover my above mirror acl entries and do not make them useless, then you can use that acl. But remember, ACL 103 must exactly be mirrored at remote site. If doesnt work, post the ACL 103

I sometimes forget the questions i participate, I just saw the email. But if you have followed the suggestions correctly, the solution was in my first suggestion.
"Make sure of 2 things
1) You do not have nat 0 (Exempt NAT) statements that can cover source and destinations specified in conditional nat such as
access-list inside_nat0_outbound permit ip 192.168.40.0 255.255.255.0 any"

The suggestion made in link you specified doesnt make sense, VPN Client and NAT are not safety criterias to choose from.

The problem is your exempt nat acl contains the statement we entered for conditional nat. So traffic is already exempted without reaching our CNAT static. Simply removing the following line should solve the issue

Nice to hear that your issue is resolved and sad to see grade B for a good answer to a long to read and time consuming question which experts usually refrain to participate. Please open up a ticket to close the other question you opened up with a full refund since it is resolved.
Regards

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty.
Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…

Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…